CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,816 vulnerabilities with CWE-89
CVE-2022-27379 HIGH
MariaDB 10.3.0-10.3.34 - Denial of Service via Arg_comparator::compare_real_fixed
CVSS 7.5
CVE-2022-27378 HIGH
MariaDB < 10.2.44 - Denial of Service via Create_tmp_table::finalize
CVSS 7.5
CVE-2022-28036 CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_navigation.php
CVSS 9.8
CVE-2022-28035 CRITICAL
Thedigitalcraft Atomcms - SQL Injection
CVSS 9.8
CVE-2022-28034 CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_list-sort.php
CVSS 9.8
CVE-2022-28033 CRITICAL
Thedigitalcraft Atomcms - SQL Injection
CVSS 9.8
CVE-2022-28032 CRITICAL
AtomCMS 2.0 - SQL Injection via Atom.CMS_admin_ajax_pages.php
CVSS 9.8
CVE-2022-27473 CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Search Parameter
CVSS 9.8
CVE-2022-27472 CRITICAL
Roothub 2.6.0 - Unauthenticated SQL Injection via Topics Counting Feature
CVSS 9.8
CVE-2022-27165 CRITICAL
CSZ CMS 1.2.2 - SQL Injection via Plugin Manager Status Parameter
CVSS 9.8
CVE-2022-27164 CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Users_viewUsers
CVSS 9.8
CVE-2022-27163 CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Users_editUser
CVSS 9.8
CVE-2022-27162 CRITICAL
CSZ CMS 1.2.2 - SQL Injection via cszcms_admin_Members_editUser
CVSS 9.8
CVE-2022-27161 CRITICAL
Csz Cms 1.2.2 - SQL Injection via cszcms_admin_Members_viewUsers
CVSS 9.8
CVE-2022-28347 CRITICAL
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet.explain() Options
CVSS 9.8
CVE-2022-28346 CRITICAL
Django 2.2-2.2.27, 3.2-3.2.12, 4.0-4.0.3 - SQL Injection via QuerySet Column Alias Dictionary Expansion
CVSS 9.8
CVE-2022-24827 HIGH
Elide 6.1.3 - SQL Injection via Parameterized TEXT Column
CVSS 8.1
CVE-2022-24815 HIGH
generator-jhipster 7.0.0-7.8.0 - SQL Injection in Reactive Spring WebFlux Entity Repository
CVSS 8.1
CVE-2022-1023 HIGH
Podcast Importer SecondLine < 1.3.8 - SQL Injection via Malicious Podcast File Import
CVSS 7.2
CVE-2022-1006 HIGH
Advanced Booking Calendar < 1.7.1 - Authenticated SQL Injection via Calendar ID Parameter
CVSS 7.2
CVE-2022-0949 CRITICAL
Block Bad Bots WordPress plugin < 6.930 - Unauthenticated SQL Injection
CVSS 9.8
CVE-2022-27041 HIGH
OpenSIS Classic 8.0 - SQL Injection via Student ID Parameter
CVSS 7.5
CVE-2022-27127 MEDIUM
zbzcms v1.0 - SQL Injection via id Parameter at /php/ajax.php
CVSS 6.5
CVE-2022-27126 CRITICAL
zbzcms v1.0 - SQL Injection via Art Parameter
CVSS 9.8
CVE-2022-28001 CRITICAL
Movie Seat Reservation 1.0 - SQL Injection via id Parameter
CVSS 9.8
Details
Vulnerabilities 19,816
Exploit Likelihood High